Django Localhost CORS not working
Here in this error the hint is clearly mentioning that it needs https://
HINT: Add a scheme (e.g. https://) or netloc (e.g. example.com).
Moreover, it is also true that braces matters in django settings.
CORS_ORIGIN_WHITELIST = [ 'https://localhost:3000']
And the above settings work fine.
While the same settings with different brackets won't work
CORS_ORIGIN_WHITELIST = ( 'https://localhost:3000')
For me i used [] instead of ().Also don't add a '/' at the end url.
Something like this
CORS_ORIGIN_WHITELIST = [ 'http://localhost:3000']
I had the same problem. By browsing the django-cors-headers
-code found my mistake was the following:
While a complete CORS-header looks like this (notice schema AND hostname):
Access-Control-Allow-Origin: https://example.com
The CORS_ORIGIN_WHITELIST
setting wants it in a format that compares to urlparse.netloc
(docs) of the Origin
-header, which is only the host (possibly the port)
def origin_found_in_white_lists(self, origin, url): return ( url.netloc in conf.CORS_ORIGIN_WHITELIST or (origin == 'null' and origin in conf.CORS_ORIGIN_WHITELIST) or self.regex_domain_match(origin) )
While the RegEx-whitelist compares it against the complete Origin
-header.
So the correct setting (as the example in the setup-manual correctly states, but not properly describes) would be:
CORS_ORIGIN_WHITELIST = ( 'example.com',)
Which can be a problem if you do not want your API to talk to the non-secure http-version of a website. Use the RegEx in that case.
Also note: during troubleshooting I found out that the CORS-header is completely absent if no match is found. Which means that absence of the header is not a sure indication of a complete malfunction of the middleware, but maybe just a misconfiguration.